Lucene search
+L

17 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 3:7 p.m.13 views

Security Bulletin: A vulnerability in the Axios library affects Db2 Big SQL

Summary A vulnerability in the Axios library affects Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

9.8CVSS5.9AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 4:34 p.m.8 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Origin Validation Error in Grafana (CVE-2024-57965)

Summary Axios is a dependency of Grafana, and Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-57965 Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...

9.8CVSS6.9AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:21 a.m.6 views

Security Bulletin: Axios before 1.7.8 uses setAttribute('href') in isURLSameOrigin.js, raising potential security concern

Summary In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a...

9.8CVSS7.1AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/01 11:4 a.m.6 views

Security Bulletin: A vulnerability in axios may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-57965)

Summary There is a vulnerability in axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...

9.8CVSS7.3AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 10:55 a.m.10 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965.

Summary IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not u...

9.8CVSS5.3AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/29 7:21 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.3.4.min.js, axios-1.7.7.tgz CVE-2024-57965. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...

9.8CVSS6.6AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/06 7:11 p.m.18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',hr...

9.8CVSS7.9AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 5:52 a.m.22 views

Security Bulletin: Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2025-27789, CVE-2024-57965, CVE-2025-27152, CVE-2024-55565

Summary Some IBM Business Automation Workflow user interfaces may be affected by vulnerabilities in JavaScript libraries. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...

9.8CVSS9.4AI score0.00759EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/02 7:23 a.m.54 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...

9.8CVSS9.5AI score0.03153EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/14 9:39 p.m.16 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation which could result in an unwanted setAttribute('href',href) (CVE-2024-57965)

Summary A vulnerability in axios affects IBM Robotic Process Automation which could result in an unwanted setAttribute'href',href. IBM Robotic Process Automation uses axios as part of the user interface. This bulletin identifies the fixes or remediations available to resolve this vulnerability...

9.8CVSS6.7AI score0.00369EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2024-57965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',hr...

9.8CVSS7.5AI score0.00369EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 11:48 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

9.8CVSS7.9AI score0.01414EPSS
Exploits1Affected Software1
UbuntuCve
UbuntuCve
added 2025/01/29 9:15 a.m.18 views

CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...

9.8CVSS7.1AI score0.00369EPSS
Exploits0References3
Circl
Circl
added 2025/01/29 9:9 a.m.5 views

CVE-2024-57965

creationtimestamp| type| source ---|---|--- 2025-01-29 09:09:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113910859195697321 2025-01-29 09:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgun2bt7l22i 2025-01-29 10:10:11+00:00|...

9.8CVSS7.1AI score0.00369EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/01/29 12:0 a.m.18 views

CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...

0.00369EPSS
Exploits0References4
OSV
OSV
added 2025/01/29 12:0 a.m.10 views

CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...

6.8AI score0.00369EPSS
Exploits0References6
CVE
CVE
added 2025/01/29 12:0 a.m.184 views

CVE-2024-57965

CVE-2024-57965 is a vulnerability in axios (before 1.7.8) where isURLSameOrigin.js does not use a URL object to determine origin and may perform an unwanted setAttribute('href', href). IBM security bulletins align this CVE with IBM Db2 Big SQL on Cloud Pak for Data and related products, noting an...

9.8CVSS7.2AI score0.00369EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder